When you want to play an online game, you can choose an and start trying your luck in a few seconds. However, there is a limit to the games you can play per minute as a “human”. An army of “robots”, on the other hand, can play hundreds of times more games than you in the same period. This is just one example of what botnets can do: in real life, they are not used for such innocent purposes. In this article, we will briefly explain what botnets are and talk about how they are used to make money.
What is a botnet?
To explain without going into technical details, a botnet is a “zombie army” made up of hundreds or even thousands of computers controlled by a single person or a specific group. Depending on the capabilities of the attacker, even tens of thousands of computers can be found in a botnet. These are technically hacked computers, but their owners may not be aware of the situation. Because the purpose of a botnet is not to completely take over the computers but to use them for things that are actually pretty simple (like clicking a link). Therefore, computer owners may not even realize that their devices are being used for malicious purposes in the background because each one is doing a simple thing. But when it all comes together, an incredible amount of processing power emerges. Even the computer you are using to read this article may be used in a DDoS attack right now without your knowledge.
Making money with a botnet
First, let’s start by stating that there is no such thing as a “legal” botnet. Botnets are always illegal and used for malicious purposes. The purpose may be to harm a specific target (for example, a company) or it may be to make money for the botnet owner. In any case, there is no such thing as a legitimate botnet used for good purposes.
If you have an army of thousands of computers at your disposal, there are many things you can do to make money. A large number of computers means, above all, a great deal of processing power: a calculation that a single computer would struggle to complete for months can be completed by thousand computers in a few hours. In this regard, here are some of the ways to make money with a botnet:
You can mine cryptocurrencies with it
You can also earn cryptocurrencies by “mining”, you don’t have to buy them. However, the processing power required for this task is quite high, and a single computer can mine a single Bitcoin in a month, for example. However, if you have a thousand computers do this job at the same time, you can reduce this time to hours. The botnet called “Smominru”, which was discovered in 2017 controlled 526,000 computers and managed to mine 2.6 million dollars worth of Monero in just 9 months. It is possible to set up a similar botnet for any kind of cryptocurrency that is mineable.
You can click ads with it
This is a surprisingly simple yet effective scam tactic and is predominantly done using Google AdSense, as this ad-network system is more profitable. Let’s explain it step by step:
- The scammer creates “fake” websites. It is necessary to create hundreds of sites in order for the system to make a profit, but this is not as difficult as you think, because there are programs that will automate this work to a large extent.
- The scammer registers each of these sites with Google AdSense. This system displays ads on registered sites and pays very little per click. In other words, it is not normally a method you can earn a lot but remember that the scammer controls hundreds of sites.
- Computers in the botnet start clicking on these ads. This too is an automatic process and there is no reason for Google AdSense to be suspicious, as each computer has a different IP address.
With fake clicks, it is possible to earn much more than you can imagine, and this type of scam can easily be adapted to other platforms. For example, it is possible to set up the same system for YouTube or Twitch (view-botting). An ad-fraud ring that was discovered in Russia in 2016 was making 3 million dollars a day. It achieved this by creating about 300 million fake clicks/views with a botnet of 500,000 computers.
“DrainerBot”, which was revealed in 2019, was a malware that infected Android phones: it targeted smartphones, not computers, and could earn $40,000 a day with the phones it infected. The biggest ad-fraud ring ever discovered was named “3ve” and consisted of 700,000 computers & smartphones. None of the owners of these computers was aware that they were part of a botnet.